On 07/09/13 16:31, Anders wrote:
>>> How about using iptables and rate-limit? and log+reject the (uid) when
>>> exceeded? something like :
>>>
>>> -m state --state NEW -m recent --set
>>> -m state --state NEW -m recent --update --seconds 3600 --hitcount 100 -j
>>> NFLOG --nflog-prefix "SMTP count exceeded "
>>> -m state --state NEW -m recent --update --seconds 3600 --hitcount 100 -j
>>> REJECT
>
>> I really like this idea. If anyone gets something like this to actually
>> work would they mind posting a complete working example please.
>
> Just a question, does locally originating smtp (mail) actually pass
> through the network before courier gets it? I.e. local socket or
> something like that. Then it would be easy to do.

Perhaps Sam or someone else could comment on this part.

> Otherwise we only see the outgoing mail leaving/relayed by courier.
> Possibly, L7 filters could scan the outgoing mail, detect the UID and
> apply rate limiting.

So it seems it would depend on a system UID per user for this to work and
that may be a showstopper for me and folks using authentication of virtual
users via a database (so that there is really only a single UID, "daemon"
in my case with Ubuntu and Debian). However I'd be willing to provide
individual system UIDs for each user if that would allow low level
rate-limiting via iptables to work on a per user basis.

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
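
The per-UID variant discussed in this message, written out as an added example (not posted by anyone in the thread and not part of Courier): a shell function that prints the iptables commands for one user, combining the quoted `recent` rules with the `owner` match. It assumes one system UID per mail user, mail submitted over TCP on port 25, and made-up chain and list names; it only counts connections opened by a process running as that UID, so it does not settle whether local mail reaches courier over a socket at all.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not apply) the commands.
# Assumes one system UID per mail user, submission over TCP, and port 25.

# Usage: smtp_limit_rules UID [HITCOUNT] [SECONDS] [PORT]
smtp_limit_rules() {
    uid=$1; hits=${2:-100}; secs=${3:-3600}; port=${4:-25}

    # Only plain decimal numbers may reach the generated rules.
    for n in "$uid" "$hits" "$secs" "$port"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: '$n'" >&2; return 2 ;;
        esac
    done
    # xt_recent keeps at most ip_pkt_list_tot timestamps per entry (default 20,
    # maximum 255); the kernel refuses a rule whose --hitcount is larger.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 255 ]; then
        echo "hitcount must be between 1 and 255" >&2; return 2
    fi
    if [ "$hits" -gt 20 ]; then
        # Load-time parameter: has no effect if xt_recent is already loaded.
        echo "modprobe xt_recent ip_pkt_list_tot=$hits"
    fi

    chain="SMTP_UID_$uid"   # hypothetical chain name
    list="smtp_uid_$uid"    # hypothetical xt_recent list, one per UID

    # The owner match works only on locally generated packets (OUTPUT).
    # xt_recent keys on source address, so a host with several local addresses
    # gets one counter per address within each UID's list.
    # --set records every attempt; --rcheck is used instead of the thread's
    # --update so that an attempt is not recorded a second time. The
    # HITCOUNT-th new connection inside the window is the first one rejected.
    cat <<EOF
iptables -N $chain
iptables -A OUTPUT -p tcp --dport $port -m state --state NEW -m owner --uid-owner $uid -j $chain
iptables -A $chain -m recent --name $list --set
iptables -A $chain -m recent --name $list --rcheck --seconds $secs --hitcount $hits -j NFLOG --nflog-prefix "SMTP count exceeded uid=$uid "
iptables -A $chain -m recent --name $list --rcheck --seconds $secs --hitcount $hits -j REJECT
EOF
}

# Print the rules for constructed UID 1001: 100 new connections per hour.
smtp_limit_rules 1001 100 3600
```

Review the printed commands before running them as root; with virtual users that all share the single "daemon" UID the owner match cannot tell them apart.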